diff options
author | Sean Whitton <spwhitton@spwhitton.name> | 2017-03-29 20:16:12 -0700 |
---|---|---|
committer | Sean Whitton <spwhitton@spwhitton.name> | 2017-03-29 20:16:12 -0700 |
commit | 901ee8615026959692050d7dac80c6286bab223f (patch) | |
tree | 7bc1ed0ecbdeaaed29c11dbcc69ea382a3793c67 | |
parent | 2b1a657f0483830415107ce4fb7e17da15dd4b99 (diff) | |
parent | 6e99f0da1d1107e293b160d07e78b8947ad1dc59 (diff) | |
download | keysafe-901ee8615026959692050d7dac80c6286bab223f.tar.gz |
Merge tag '0.20170303'
tagging package keysafe version 0.20170303
# gpg: Signature made Fri 03 Mar 2017 01:20:36 PM MST
# gpg: using RSA key E85A5F63B31D24C1EBF0D81CC910D9222512E3C7
# gpg: Good signature from "Joey Hess <id@joeyh.name>" [full]
# Primary key fingerprint: E85A 5F63 B31D 24C1 EBF0 D81C C910 D922 2512 E3C7
-rw-r--r-- | ByteStrings.hs | 13 | ||||
-rw-r--r-- | CHANGELOG | 6 | ||||
-rw-r--r-- | Encryption.hs | 18 | ||||
-rw-r--r-- | HTTP/ProofOfWork.hs | 17 | ||||
-rw-r--r-- | HTTP/Server.hs | 1 | ||||
-rw-r--r-- | Share.hs | 3 | ||||
-rw-r--r-- | Storage.hs | 12 | ||||
-rw-r--r-- | TODO | 36 | ||||
-rw-r--r-- | doc/details.mdwn | 34 | ||||
-rw-r--r-- | doc/index.mdwn | 16 | ||||
-rw-r--r-- | doc/news/version_0.20160927.mdwn | 20 | ||||
-rw-r--r-- | doc/news/version_0.20161006.mdwn | 10 | ||||
-rw-r--r-- | doc/news/version_0.20161007.mdwn | 9 | ||||
-rw-r--r-- | doc/news/version_0.20161022.mdwn | 12 | ||||
-rw-r--r-- | doc/news/version_0.20161107.mdwn | 14 | ||||
-rw-r--r-- | doc/news/version_0.20170122.mdwn | 8 | ||||
-rw-r--r-- | doc/todo/Update_to_new_version_of_raaz___40__0.1.1__41__.mdwn | 10 | ||||
-rw-r--r-- | doc/todo/Update_to_new_version_of_raaz___40__0.1.1__41__/comment_1_5f3f9b9337e82674dc03a3de4b96ac9f._comment | 17 | ||||
-rw-r--r-- | doc/todo/Update_to_new_version_of_raaz___40__0.1.1__41__/comment_2_06f4ff0c86aa877656cee67ff054e9b1._comment | 8 | ||||
-rw-r--r-- | keysafe.cabal | 4 | ||||
-rw-r--r-- | stack.yaml | 2 |
21 files changed, 159 insertions, 111 deletions
diff --git a/ByteStrings.hs b/ByteStrings.hs index cecf617..90b42f0 100644 --- a/ByteStrings.hs +++ b/ByteStrings.hs @@ -1,5 +1,3 @@ -{-# OPTIONS_GHC -fno-warn-orphans #-} - {- Copyright 2016 Joey Hess <id@joeyh.name> - - Licensed under the GNU AGPL version 3 or higher. @@ -9,8 +7,6 @@ module ByteStrings where import qualified Data.ByteString as B import qualified Raaz -import Control.Monad -import Data.Word allByteStringsOfLength :: Int -> [B.ByteString] allByteStringsOfLength = go [] @@ -34,9 +30,8 @@ chunkByteString n = go [] let (h, t) = B.splitAt n b in go (h:cs) t -instance Raaz.Random Word8 - -randomByteStringOfLength :: Int -> Raaz.SystemPRG -> IO B.ByteString -randomByteStringOfLength n prg = B.pack <$> replicateM n randbyte +randomByteStringOfLength :: Int -> IO B.ByteString +randomByteStringOfLength n = Raaz.securely gen where - randbyte = Raaz.random prg :: IO Word8 + gen :: Raaz.RandM B.ByteString + gen = Raaz.randomByteString (Raaz.BYTES n) @@ -1,3 +1,9 @@ +keysafe (0.20170303) unstable; urgency=medium + + * Updated to use raaz-0.1.1. + + -- Joey Hess <id@joeyh.name> Fri, 03 Mar 2017 16:15:47 -0400 + keysafe (0.20170122) unstable; urgency=medium * Adjust cabal bounds to allow building with ghc 8.0. diff --git a/Encryption.hs b/Encryption.hs index 880095d..3e085a0 100644 --- a/Encryption.hs +++ b/Encryption.hs @@ -32,10 +32,9 @@ encrypt :: Tunables -> KeyEncryptionKey -> SecretKey -> EncryptedSecretKey encrypt tunables kek (SecretKey secret) = EncryptedSecretKey (chunkByteString (objectSize tunables) b) (keyBruteForceCalc kek) where - -- Raaz does not seem to provide a high-level interface - -- for AES encryption, so use unsafeEncrypt. The use of - -- EncryptableBytes makes sure it's provided with a - -- multiple of the AES block size. + -- Raaz does not provide a high-level interface for AES encryption, + -- so we use unsafeEncrypt. The use of EncryptableBytes makes + -- sure it's provided with a multiple of the AES block size. b = Raaz.unsafeEncrypt cipher (keyEncryptionKey kek, keyEncryptionIV kek) $ getEncryptableBytes $ encodeEncryptableBytes tunables secret @@ -104,8 +103,7 @@ instance HasDecryptionCost (Candidates a) where -- run the hash repeatedly. genKeyEncryptionKey :: Tunables -> Name -> Password -> IO KeyEncryptionKey genKeyEncryptionKey tunables name password = do - prg <- Raaz.newPRG () :: IO Raaz.SystemPRG - saltprefix <- genRandomSaltPrefix prg tunables + saltprefix <- genRandomSaltPrefix tunables return $ head $ genKeyEncryptionKeys [saltprefix] tunables name password @@ -144,12 +142,12 @@ genIV (Name name) = Raaz.fromByteString $ B.take ivlen $ Raaz.toByteString $ Raaz.sha256 name where - ivlen = fromIntegral $ Raaz.byteSize (undefined :: Raaz.IV) + ivlen = fromIntegral $ Raaz.sizeOf (undefined :: Raaz.IV) type SaltPrefix = B.ByteString -genRandomSaltPrefix :: Raaz.SystemPRG -> Tunables -> IO SaltPrefix -genRandomSaltPrefix prg tunables = randomByteStringOfLength n prg +genRandomSaltPrefix :: Tunables -> IO SaltPrefix +genRandomSaltPrefix tunables = randomByteStringOfLength n where n = randomSaltBytes $ keyEncryptionKeyTunable tunables @@ -164,7 +162,7 @@ hashToAESKey (ExpensiveHash _ t) = fromMaybe (error "hashToAESKey fromByteString failed") $ Raaz.fromByteString b where - b = B.take (fromIntegral $ Raaz.byteSize (undefined :: AesKey)) $ + b = B.take (fromIntegral $ Raaz.sizeOf (undefined :: AesKey)) $ Raaz.toByteString $ Raaz.sha256 (E.encodeUtf8 t) -- | A bytestring that can be AES encrypted. diff --git a/HTTP/ProofOfWork.hs b/HTTP/ProofOfWork.hs index a94b19b..61fea20 100644 --- a/HTTP/ProofOfWork.hs +++ b/HTTP/ProofOfWork.hs @@ -95,10 +95,13 @@ mkProofOfWorkRequirement (Seconds n) newtype RequestIDSecret = RequestIDSecret (Raaz.Key (Raaz.HMAC Raaz.SHA256)) +-- | Random data is generated insecurely, eg not locked in memory because +-- this is a transient secret. newRequestIDSecret :: IO RequestIDSecret -newRequestIDSecret = do - prg <- Raaz.newPRG () :: IO Raaz.SystemPRG - RequestIDSecret <$> Raaz.random prg +newRequestIDSecret = RequestIDSecret <$> Raaz.insecurely gen + where + gen :: Raaz.RandM (Raaz.Key (Raaz.HMAC Raaz.SHA256)) + gen = Raaz.random mkRequestID :: RequestIDSecret -> IO RequestID mkRequestID secret = mkRequeestID' secret <$> mkRandomSalt @@ -113,11 +116,15 @@ validRequestID secret rid = let rid' = mkRequeestID' secret (randomSalt rid) in requestHMAC rid == requestHMAC rid' +-- | Random data is generated insecurely, eg not locked in memory because +-- this is a transient secret. mkRandomSalt :: IO RandomSalt mkRandomSalt = do - prg <- Raaz.newPRG () :: IO Raaz.SystemPRG - rs <- replicateM 16 (Raaz.random prg :: IO Word8) + rs <- Raaz.insecurely $ replicateM 16 gen return $ RandomSalt $ T.pack $ concatMap show rs + where + gen :: Raaz.RandM Word8 + gen = Raaz.random class POWIdent p where getPOWIdent :: p -> B.ByteString diff --git a/HTTP/Server.hs b/HTTP/Server.hs index 6fd570d..61bdbfd 100644 --- a/HTTP/Server.hs +++ b/HTTP/Server.hs @@ -18,7 +18,6 @@ import CmdLine (ServerConfig(..)) import Storage.Local import Serialization () import Servant -import Network.Wai import Network.Wai.Handler.Warp import Control.Monad.IO.Class import Control.Concurrent @@ -94,7 +94,8 @@ genShares (EncryptedSecretKey cs _) tunables = do combineShares :: Tunables -> [S.Set Share] -> Either String EncryptedSecretKey combineShares tunables shares | null shares || any null shares || any (\l -> length l < sharesneeded) shares = - Left "Not enough shares are currently available to reconstruct your data." + Left $ "Not enough shares are currently available to reconstruct your data. " ++ + concatMap (\l -> "(Got " ++ show (length l) ++ "/" ++ show sharesneeded ++ ") ") shares | otherwise = Right $ mk $ map (BL.toStrict . SS.decode . map decodeshare . S.toList) shares where @@ -26,7 +26,6 @@ import Control.Concurrent.Async import qualified Data.Set as S import System.Random import System.Random.Shuffle -import qualified Raaz networkStorageLocations :: Maybe LocalStorageDirectory -> StorageLocations networkStorageLocations = StorageLocations . serverList @@ -171,25 +170,24 @@ storeChaff :: HostName -> Port -> Maybe Seconds -> IO () storeChaff hn port delayseconds = forever $ do say $ "Sending chaff to " ++ hn ++ " (press ctrl-c to stop)" say "Legend: + = successful upload, ! = upload failure" - prg <- Raaz.newPRG () :: IO Raaz.SystemPRG - randomname <- randomByteStringOfLength 128 prg + randomname <- randomByteStringOfLength 128 -- It's ok the use the testModeTunables here because -- the randomname is not something that can be feasibly guessed. -- Prefix "random chaff" to the name to avoid ever using a name -- that a real user might want to use. let sis = shareIdents testModeTunables (Name $ "random chaff:" <> randomname) AnyGpgKey - mapConcurrently (go sis prg) + mapConcurrently (go sis) [1..totalObjects (shareParams testModeTunables)] where server = networkStorage Untrusted Nothing $ Server (ServerName hn) [ServerAddress hn port] "chaff server" objsize = objectSize defaultTunables * shareOverhead defaultTunables maxmsdelay = ceiling $ 1000000 * fromMaybe 0 delayseconds - go sis prg n = do + go sis n = do msdelay <- getStdRandom (randomR (0, maxmsdelay)) delay msdelay - b <- randomByteStringOfLength objsize prg + b <- randomByteStringOfLength objsize let share = Share 0 (StorableObject b) let (is, sis') = nextShareIdents sis let i = S.toList is !! (n - 1) @@ -197,7 +195,7 @@ storeChaff hn port delayseconds = forever $ do case r of StoreSuccess -> progress "+" _ -> progress "!" - go sis' prg n + go sis' n -- | Shuffles the list, keeping Recommended first, then -- Alternate, and finally Untrusted. @@ -2,6 +2,20 @@ Soon: * Finish vetting 2 servers to Recommended. * Set up --check-servers in a cron job, so I know when servers are down. +* Remove gpg key passohrase from gpg keys that keysafe backs up. + The reason for this is that the user may well forget their gpg key + passphrase, and it's *weird* to restore a key with keysafe's password + and then have it passphrase protected. + The gpg key passphrase is intended only to keep a key from being used + for a short period of time (a week or so) when the device holding it + is known to have been compromised, so the key can be revoked. + This doesn't really apply to keys backed up with keysafe -- if they get + compromised somehow, the user won't know, and cracking the gpg passphrase + should be almost trivial to an attacker who was able to break keysafe's + password. + paperkey can remove gpg key passphrases. Is there any better way? + It might make sense for keysafe to prompt for a new gpg passphrase + when restoring. Later: @@ -25,11 +39,6 @@ Later: * Add some random padding to http requests and responses, to make it harder for traffic analysis to tell that given TOR traffic is keysafe traffic. -* Argon2d is more resistent to GPU/ASIC attack optimisation. - Switching from Argon2i would require new tunables, and delay restores - (of keys backed up using the old tunables, and when the user provides the - wrong name) by ~10 minutes, so deferred for now - until there's some other reason to change the tunables. Wishlist: @@ -72,3 +81,20 @@ Wishlist: restore from working. (It also makes a malicious data attack (as described in https://keysafe.branchable.com/details/) possible by attackers who do not control the servers. + +Encryption tunables changes: + +* Argon2d is more resistent to GPU/ASIC attack optimisation. + Switching from Argon2i would require new tunables, and delay restores + (of keys backed up using the old tunables, and when the user provides the + wrong name) by ~10 minutes, so deferred for now + until there's some other reason to change the tunables. +* The ShareIdents derivation currently appends a number and sha256 hashes + to generate a stream of values. Ben M points out that HMAC is a more + typical way to do such a thing. Even better, a HKDF-Expand + (RFC5869) can generate a stream which can then be chunked up into values. + Either of these would avoid a full pre-image attack on SHA-2 breaking + keysafe. Of course, such an SHA-2 attack would be a general security + disaster. HKDF may prove more robust in the face of partial SHA-2 breaks. + Deferred for now until tthere's some other reason to change keysafe's + tunables. diff --git a/doc/details.mdwn b/doc/details.mdwn index e0f85e5..b014b2b 100644 --- a/doc/details.mdwn +++ b/doc/details.mdwn @@ -363,3 +363,37 @@ This could be used in several ways: objects for both. If the user is being forced to give up their keysafe name and password, they could provide the fake name, and if it were used, their data would get deleted from the keysafe servers. + +### Better object-id derivation + +An idea from Ben M: + +> I was the fellow who mentioned using an HMAC instead of +> append-index-and-hash to generate the object-ids in keysafe. +> +> That's probably an okay approach if you need to bind the output to a +> particular input string, but on reflection (unless I missed something) +> it would be equivalent for keysafe to take a stream and chop it up, then +> just "number" the chunks sequentially. +> +> In that case, the "most correct" choice would probably be HKDF (RFC5869 +> [1]). Specifically, the second part of HKDF -- "HKDF-Expand". +> +> (The first part, HKDF-Extract, is appropriate to apply /before/ key +> stretching, but stretching itself serves much the same purpose -- +> removing "structure" from the input key. Especially given that Argon2 +> is designed specifically to handle user passwords, I expect that +> HKDF-Extract is entirely unnecessary here.) +> +> HKDF is what TLS 1.3 will use to expand its per-session master keys into +> individual keys for encryption and MACing [2], and AFAIK is generally +> considered The Right Way to generate a stream of distinct keys from a +> master key, where the compromise of any key should not permit derivation +> of the others. +> +> So, um. Pretend I never mentioned HMAC, but spruiked HKDF instead :) +> +> (Of course, this is pretty much bikeshedding. A first pre-image attack +> on SHA-2 in the near term would be a rude shock, and a full break would +> break HKDF too. But HKDF may prove more robust in the face of partial +> breaks, giving more time to move everyone to a new hash or scheme.) diff --git a/doc/index.mdwn b/doc/index.mdwn index e0cda48..873eb35 100644 --- a/doc/index.mdwn +++ b/doc/index.mdwn @@ -40,14 +40,20 @@ For a more in-depth explanation, and some analysis of different attack vectors (and how keysafe thwarts them), see [[details]]. Also, there's a [[FAQ]]. +Here's a video explaining keysafe: + +<html> +<video controls width=400 src="http://mirror.linux.org.au/pub/linux.conf.au/2017/securely_backing_up_gpg_private_keys_to_the_cloud.webm"></video> +</html> + ## News -[[!inline pages="code/keysafe/news/* and !*/Discussion" show="3"]] +[[!inline pages="news/* and !*/Discussion" show="3"]] ## Installation -Keysafe is now available in Debian experimental. Install it from there, or -from source. +Keysafe is now available in [Debian experimental](https://wiki.debian.org/DebianExperimental). +Install it from there, or from source. ## Git repository @@ -63,9 +69,9 @@ libraries, and zenity. For example, on a Debian system: sudo apt-get install haskell-stack libreadline-dev libargon2-0-dev zenity -Then to build and install keysafe: +Then to build and install keysafe, cd into its source tree and run: - stack install keysafe + stack install Note that there is a manpage, but stack doesn't install it yet. diff --git a/doc/news/version_0.20160927.mdwn b/doc/news/version_0.20160927.mdwn deleted file mode 100644 index 1787aa5..0000000 --- a/doc/news/version_0.20160927.mdwn +++ /dev/null @@ -1,20 +0,0 @@ -keysafe 0.20160927 released with [[!toggle text="these changes"]] -[[!toggleable text=""" - * Makefile: Avoid rebuilding on make install, so that sudo make install works. - * Added --chaff-max-delay option for slower chaffing. - * Fix embedded copy of Argon2 to not use Word64, fixing build on 32 bit - systems. - * Randomize the server list. - * Don't upload more than neededshares-1 shares to Alternate servers - without asking the user if they want to do this potentially dangerous - action. - * Added a second keysafe server to the server list. It's provided - by Marek Isalski at Faelix. Currently located in UK, but planned move - to CH. Currently at Alternate level until verification is complete. - * Server: --motd can be used to provide a Message Of The Day. - * Added --check-servers mode, which is useful both at the command line - to see what servers keysafe knows about, and as a cron job. - * Server: Round number of objects down to the nearest thousand, to avoid - leaking too much data about when objects are uploaded to servers. - * Filter out escape sequences and any other unusual characters when - writing all messages to the console."""]]
\ No newline at end of file diff --git a/doc/news/version_0.20161006.mdwn b/doc/news/version_0.20161006.mdwn deleted file mode 100644 index 2758b34..0000000 --- a/doc/news/version_0.20161006.mdwn +++ /dev/null @@ -1,10 +0,0 @@ -keysafe 0.20161006 released with [[!toggle text="these changes"]] -[[!toggleable text=""" - * New --add-storage-directory and --add-server options, which can be used - to make keysafe backup/restore using additional locations. - * Removed --store-local option; use --add-storage-directory instead. - * Fix bugs with entry of gpg keyid in the keysafe.log. - * Fix bug in --autostart that caused the full gpg keyid to be - used to generate object names, which made restores would only work - when --gpgkeyid was specifid. - * Remove embedded copy of argon2 binding, depend on fixed version of package."""]]
\ No newline at end of file diff --git a/doc/news/version_0.20161007.mdwn b/doc/news/version_0.20161007.mdwn deleted file mode 100644 index a7e8468..0000000 --- a/doc/news/version_0.20161007.mdwn +++ /dev/null @@ -1,9 +0,0 @@ -keysafe 0.20161007 released with [[!toggle text="these changes"]] -[[!toggleable text=""" - * Check if --store-local directory is writable. - * Removed dependency on crypto-random. - * Added a LSB init script, for non-systemd systems. - (It currently uses Debian's start-stop-daemon, so would need porting - for other distributions.) - * /etc/default/keysafe is read by both the systemd service file and the - init script, and contains configuration for the keysafe server."""]]
\ No newline at end of file diff --git a/doc/news/version_0.20161022.mdwn b/doc/news/version_0.20161022.mdwn deleted file mode 100644 index e54f26e..0000000 --- a/doc/news/version_0.20161022.mdwn +++ /dev/null @@ -1,12 +0,0 @@ -keysafe 0.20161022 released with [[!toggle text="these changes"]] -[[!toggleable text=""" - * Add keywords to desktop file. - Thanks, Sean Whitton - * Fix use of .IP macro in manpage. - Thanks, Sean Whitton - * Fix some mispellings. - Thanks, Sean Whitton - * Makefile: Propagate LDFLAGS, CFLAGS, and CPPFLAGS through ghc. - * Makefile: Allow setting BUILDER=./Setup to build w/o cabal or stack. - * Makefile: Allow setting BUILDEROPTIONS=-j1 to avoid concurrent - build, which should make build reproducible."""]]
\ No newline at end of file diff --git a/doc/news/version_0.20161107.mdwn b/doc/news/version_0.20161107.mdwn deleted file mode 100644 index d98987e..0000000 --- a/doc/news/version_0.20161107.mdwn +++ /dev/null @@ -1,14 +0,0 @@ -keysafe 0.20161107 released with [[!toggle text="these changes"]] -[[!toggleable text=""" - * The third keysafe server is now available, provided by Purism. - * Purism's keysafe server has been vetted to Recommended level! - * Change default for --port to 4242. - * Fix --check-server to not fail when the server has not had anything - stored on it yet. - * --upload-queued: Exit nonzero if unable to upload all queued objects. - * --autostart: If unable to upload all queued objects initially, - delay between 1 and 2 hours and try again. - * Better suggestion when user is having difficulty thinking of a strong - enough password. - * Defer requesting secret key from gpg until just before backup, so the - user knows why gpg is asking for this secret key to be backed up."""]]
\ No newline at end of file diff --git a/doc/news/version_0.20170122.mdwn b/doc/news/version_0.20170122.mdwn new file mode 100644 index 0000000..de03c93 --- /dev/null +++ b/doc/news/version_0.20170122.mdwn @@ -0,0 +1,8 @@ +keysafe 0.20170122 released with [[!toggle text="these changes"]] +[[!toggleable text=""" + * Adjust cabal bounds to allow building with ghc 8.0. + However, the stack.yaml is still using an old LTS version + to avoid polynomial's failure to build with ghc 8.0 + (https://github.com/mokus0/polynomial/issues/8) + * Clarify that dollars in cost estimates are USD. + * Keysafe has a new website, https://keysafe.branchable.com/"""]]
\ No newline at end of file diff --git a/doc/todo/Update_to_new_version_of_raaz___40__0.1.1__41__.mdwn b/doc/todo/Update_to_new_version_of_raaz___40__0.1.1__41__.mdwn new file mode 100644 index 0000000..c05748c --- /dev/null +++ b/doc/todo/Update_to_new_version_of_raaz___40__0.1.1__41__.mdwn @@ -0,0 +1,10 @@ +New version of raaz is released and will hopefully end up in debian expt. soon. +It would be good if we can get keysafe to use the new interface as there is some breakage +but hope fully good ones. + + +Ref. + +https://github.com/raaz-crypto/raaz/issues/278 + +> [[done]] --[[Joey]] diff --git a/doc/todo/Update_to_new_version_of_raaz___40__0.1.1__41__/comment_1_5f3f9b9337e82674dc03a3de4b96ac9f._comment b/doc/todo/Update_to_new_version_of_raaz___40__0.1.1__41__/comment_1_5f3f9b9337e82674dc03a3de4b96ac9f._comment new file mode 100644 index 0000000..0c9734e --- /dev/null +++ b/doc/todo/Update_to_new_version_of_raaz___40__0.1.1__41__/comment_1_5f3f9b9337e82674dc03a3de4b96ac9f._comment @@ -0,0 +1,17 @@ +[[!comment format=mdwn + username="joey" + subject="""comment 1""" + date="2017-03-03T19:30:06Z" + content=""" +Got it to compile without a great deal of difficulty. Only needed changes +around random data generation, and that is done with secure memory now +(in cases where it matters), which is nice! (Although I still need to do +further work to make keysafe use exclusively secure memory for gpg key +related material.) + +Keysafe's test suite passes, so this *probably* avoids breaking restore of +keys backed up before. + +I've committed this to master but want to test it some more before +releasing. +"""]] diff --git a/doc/todo/Update_to_new_version_of_raaz___40__0.1.1__41__/comment_2_06f4ff0c86aa877656cee67ff054e9b1._comment b/doc/todo/Update_to_new_version_of_raaz___40__0.1.1__41__/comment_2_06f4ff0c86aa877656cee67ff054e9b1._comment new file mode 100644 index 0000000..eb8a106 --- /dev/null +++ b/doc/todo/Update_to_new_version_of_raaz___40__0.1.1__41__/comment_2_06f4ff0c86aa877656cee67ff054e9b1._comment @@ -0,0 +1,8 @@ +[[!comment format=mdwn + username="joey" + subject="""comment 2""" + date="2017-03-03T20:15:04Z" + content=""" +Tested restore of key backed up with a previous keysafe release; still +works after this conversion. +"""]] diff --git a/keysafe.cabal b/keysafe.cabal index 064a0e8..42e95fd 100644 --- a/keysafe.cabal +++ b/keysafe.cabal @@ -1,5 +1,5 @@ Name: keysafe -Version: 0.20170122 +Version: 0.20170303 Cabal-Version: >= 1.8 Maintainer: Joey Hess <joey@kitenet.net> Author: Joey Hess @@ -38,7 +38,7 @@ Executable keysafe -- the version ranges, it's important to run keysafe --test secret-sharing == 1.0.* , argon2 == 1.2.* - , raaz == 0.0.2 + , raaz == 0.1.1 , base (>= 4.5 && < 5.0) , bytestring == 0.10.* , text == 1.2.* @@ -6,7 +6,7 @@ extra-deps: - dice-entropy-conduit-1.0.0.1 - polynomial-0.7.2 - finite-field-0.8.0 - - raaz-0.0.2 + - raaz-0.1.1 - zxcvbn-c-1.0.0 - servant-0.7.1 - servant-server-0.7.1 |